Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
120s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
25/08/2024, 22:30
General
-
Target
08c44d1a75249042fbe0bc3e51b9a920N.exe
-
Size
96KB
-
MD5
08c44d1a75249042fbe0bc3e51b9a920
-
SHA1
6839c9eb592d17f7dee22a46ead58aa4b6c1eb82
-
SHA256
448b1d4924c92b17a3c120875e623a6af0c0fca822df9f749dd56a8349ef91a3
-
SHA512
031340d9f2e77654a3d11b1964b32e104cee2d96a09e8255381e735fd86d08c4d18690c2905e572c1b248245b2dd46760174e73c84f7e1b1a9c08e222b827fd1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTrp:ymb3NkkiQ3mdBjFIj+qNhvZuHQYfw4jr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08c44d1a75249042fbe0bc3e51b9a920N.exe"C:\Users\Admin\AppData\Local\Temp\08c44d1a75249042fbe0bc3e51b9a920N.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxrx.exec:\lfflxrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rflrrx.exec:\5rflrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbbn.exec:\tnnbbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvvj.exec:\3jvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrxfff.exec:\7xrxfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbth.exec:\9btbth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbth.exec:\hbtbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflfll.exec:\rlflfll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffx.exec:\rlxxffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbh.exec:\nhtbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtbb.exec:\3nhtbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdp.exec:\3pjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdjv.exec:\1jdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflrx.exec:\rrfflrx.exe17⤵
- Executes dropped EXE
-
\??\c:\rfxlxfx.exec:\rfxlxfx.exe18⤵
- Executes dropped EXE
-
\??\c:\nnhbnh.exec:\nnhbnh.exe19⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe21⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe22⤵
- Executes dropped EXE
-
\??\c:\fxfrrxf.exec:\fxfrrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\ffxlflr.exec:\ffxlflr.exe24⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\5thnhh.exec:\5thnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\djvdp.exec:\djvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\rrrlxxf.exec:\rrrlxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\lxlrllx.exec:\lxlrllx.exe30⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\tnntbh.exec:\tnntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrxrfr.exec:\lfrxrfr.exe35⤵
- Executes dropped EXE
-
\??\c:\frrlxrf.exec:\frrlxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\1tbnnb.exec:\1tbnnb.exe37⤵
- Executes dropped EXE
-
\??\c:\1bhhth.exec:\1bhhth.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe39⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe42⤵
- Executes dropped EXE
-
\??\c:\5xrxxxf.exec:\5xrxxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\9rlrlxf.exec:\9rlrlxf.exe44⤵
- Executes dropped EXE
-
\??\c:\lxlrfll.exec:\lxlrfll.exe45⤵
- Executes dropped EXE
-
\??\c:\ttntnb.exec:\ttntnb.exe46⤵
- Executes dropped EXE
-
\??\c:\bhnhhh.exec:\bhnhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe49⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\7lfrrlx.exec:\7lfrrlx.exe51⤵
- Executes dropped EXE
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe52⤵
- Executes dropped EXE
-
\??\c:\xllfllr.exec:\xllfllr.exe53⤵
- Executes dropped EXE
-
\??\c:\9btbhh.exec:\9btbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\nthbhh.exec:\nthbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe57⤵
- Executes dropped EXE
-
\??\c:\7djpv.exec:\7djpv.exe58⤵
- Executes dropped EXE
-
\??\c:\rflrxfl.exec:\rflrxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxxfrx.exec:\ffxxfrx.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxffrf.exec:\lfxffrf.exe61⤵
- Executes dropped EXE
-
\??\c:\nnbbtt.exec:\nnbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe63⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\7jpjj.exec:\7jpjj.exe65⤵
- Executes dropped EXE
-
\??\c:\frfflrx.exec:\frfflrx.exe66⤵
-
\??\c:\xlrfrll.exec:\xlrfrll.exe67⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe68⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe69⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe70⤵
-
\??\c:\7rlrxfr.exec:\7rlrxfr.exe71⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe72⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe73⤵
-
\??\c:\7llrrxl.exec:\7llrrxl.exe74⤵
-
\??\c:\3bntht.exec:\3bntht.exe75⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe76⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe77⤵
-
\??\c:\rllfrrx.exec:\rllfrrx.exe78⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe79⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe80⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe81⤵
-
\??\c:\llfrrrf.exec:\llfrrrf.exe82⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe83⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe84⤵
-
\??\c:\llfllrr.exec:\llfllrr.exe85⤵
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe86⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe87⤵
-
\??\c:\hbnthb.exec:\hbnthb.exe88⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe89⤵
-
\??\c:\3rfxffr.exec:\3rfxffr.exe90⤵
-
\??\c:\rllxlxl.exec:\rllxlxl.exe91⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe92⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe93⤵
-
\??\c:\fxlrfff.exec:\fxlrfff.exe94⤵
-
\??\c:\5nntnb.exec:\5nntnb.exe95⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe96⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe97⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe98⤵
-
\??\c:\1vvdv.exec:\1vvdv.exe99⤵
-
\??\c:\ffflfxl.exec:\ffflfxl.exe100⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe101⤵
-
\??\c:\hhbbhb.exec:\hhbbhb.exe102⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe103⤵
- System Location Discovery: System Language Discovery
-
\??\c:\vvpdd.exec:\vvpdd.exe104⤵
-
\??\c:\fxflxxl.exec:\fxflxxl.exe105⤵
-
\??\c:\xxxrlxl.exec:\xxxrlxl.exe106⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe107⤵
-
\??\c:\nbntnn.exec:\nbntnn.exe108⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe109⤵
-
\??\c:\pppdv.exec:\pppdv.exe110⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe111⤵
-
\??\c:\3fflxfr.exec:\3fflxfr.exe112⤵
-
\??\c:\fxfrfrx.exec:\fxfrfrx.exe113⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe114⤵
-
\??\c:\tnntbh.exec:\tnntbh.exe115⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe116⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe117⤵
-
\??\c:\fflrfxf.exec:\fflrfxf.exe118⤵
-
\??\c:\xxlfxrx.exec:\xxlfxrx.exe119⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe120⤵
- System Location Discovery: System Language Discovery
-
\??\c:\thtthh.exec:\thtthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-